Protecting What Matters Most
HIPAA Guidelines & Compliance
HIPAA-compliant eCommerce is relatively complicated because the HIPAA requirements span both the technical side and the data side of an eCommerce application. They also extend into internal business processes, which need constant monitoring and validation that the application is in fact complying with HIPAA guidelines.
As a result, there is a consistent, never-ending requirement to audit and review a HIPAA-compliant eCommerce application in order to adjust and fine-tune it. Best practice is to periodically complete penetration tests, white hat hacking, and other forms of validation against the software. You should also have security audits against the hosting and infrastructure to ensure that the data is encrypted at rest, and some form of validation process for auditing and reviewing what people have access to.